Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2012-0884

Published: 13/03/2012 Updated: 10/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Openssl

Vulnerability Summary

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL prior to 0.9.8u and 1.x prior to 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent malicious users to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl 1.0.0c

openssl openssl 1.0.0b

openssl openssl 1.0.0a

openssl openssl 0.9.8o

openssl openssl 0.9.8n

openssl openssl 0.9.8g

openssl openssl 0.9.8f

openssl openssl 0.9.7l

openssl openssl 0.9.7m

openssl openssl 0.9.7d

openssl openssl 0.9.7c

openssl openssl 0.9.6k

openssl openssl 0.9.6j

openssl openssl 0.9.6

openssl openssl 1.0.0e

openssl openssl 1.0.0d

openssl openssl 0.9.8q

openssl openssl 0.9.8p

openssl openssl 0.9.8i

openssl openssl 0.9.8h

openssl openssl 0.9.8a

openssl openssl 0.9.8

openssl openssl 0.9.7h

openssl openssl 0.9.7f

openssl openssl 0.9.7e

openssl openssl 0.9.6l

openssl openssl 0.9.6m

openssl openssl 0.9.6c

openssl openssl 0.9.6b

openssl openssl 0.9.3

openssl openssl 0.9.2b

openssl openssl 1.0.0g

openssl openssl 1.0.0f

openssl openssl 0.9.8s

openssl openssl 0.9.8r

openssl openssl 0.9.8k

openssl openssl 0.9.8j

openssl openssl 0.9.8c

openssl openssl 0.9.8b

openssl openssl 0.9.7i

openssl openssl 0.9.7g

openssl openssl 0.9.7

openssl openssl 0.9.6h

openssl openssl 0.9.6f

openssl openssl 0.9.6e

openssl openssl 0.9.6d

openssl openssl 0.9.4

openssl openssl 0.9.3a

openssl openssl 0.9.6a

openssl openssl 0.9.1c

openssl openssl 0.9.1b

openssl openssl 1.0.0

openssl openssl

openssl openssl 0.9.8m

openssl openssl 0.9.8l

openssl openssl 0.9.8e

openssl openssl 0.9.8d

openssl openssl 0.9.7k

openssl openssl 0.9.7j

openssl openssl 0.9.7b

openssl openssl 0.9.7a

openssl openssl 0.9.6i

openssl openssl 0.9.6g

openssl openssl 0.9.5a

openssl openssl 0.9.5

openssl openssl 0.9.0b

Vendor Advisories

Red Hat: Moderate: openssl security and bug fix update
Synopsis Moderate: openssl security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated openssl packages that fix two security issues and one bug are nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having moderatesecurity i ...
Ubuntu Security Notice: openssl vulnerabilities
Applications using OpenSSL in certain situations could be made to crash or expose sensitive information ...
Amazon Linux AMI: ALAS-2012-062
A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages (CVE-2012-1165) A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS) implementations in O ...

References

CWE-310http://www.openssl.org/news/secadv_20120312.txthttp://marc.info/?l=bugtraq&m=134039053214295&w=2http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.htmlhttps://hermes.opensuse.org/messages/14330767http://secunia.com/advisories/48895http://www.debian.org/security/2012/dsa-2454http://secunia.com/advisories/48916http://rhn.redhat.com/errata/RHSA-2012-1306.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1307.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1308.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0531.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0488.htmlhttps://downloads.avaya.com/css/P8/documents/100162507http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlhttp://www.kb.cert.org/vuls/id/737740http://secunia.com/advisories/57353http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564http://marc.info/?l=bugtraq&m=133951357207000&w=2http://marc.info/?l=bugtraq&m=133728068926468&w=2http://secunia.com/advisories/48580http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0426.htmlhttps://access.redhat.com/errata/RHSA-2012:0426https://usn.ubuntu.com/1451-1/https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/737740
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook